Comment by h4kunamata
2 days ago
Still compromised: https://socket.dev/blog/trivy-under-attack-again-github-acti...
This is a very old vulnerability, and to see companies falling for it is mental.
The year is 2026 and companies are still using tag over hash. It is well known that you can release different code under the same tag without alerting users.
No comments yet
Contribute on Hacker News ↗